Re: [OSL | CCIE_Security] EZVPN DVTI

[Sumit Mahla]

The same config for EZVPN Client has worked for me twice...

 

i actually did some practice for all possible EZVPN client config's... and did 
a note of all config's.... The below configured config some time works... and 
some time not.......

 

 

when i type in crypto ipsec client ezvpn xauth....... it says no pendoing xauth 
request...

 

and some time it does work....


 


From: sumitma...@hotmail.com
To: ccie_security@onlinestudylist.com
Date: Wed, 5 May 2010 00:46:13 +0530
Subject: [OSL | CCIE_Security] EZVPN DVTI



Hello All,
 
 
Can any one please spot the mistake in the config.... ? I tried to configure 
four different ezvpn config using DVTI on SERVER and different config's on 
client...... out of these only one didn't worked for me.... that's given 
below...
 
i kept the SERVER config unaltered... however for EZVPN client mode out of 4 
the one given below did not worked...
 
 
 
 
Please suggest the mistake...
 
 
 
 

SERVER
aaa new-model
aaa authentication login EZ-AUTHEN local
aaa authorization network EZ-AUTHOR local
username cisco password 0 cisco
crypto isakmp policy 10
    encr 3des
    authentication pre-share
    group 2
crypto isakmp keepalive 10
!
crypto isakmp client configuration group EZC
    key ccie
    pool EZP
    acl 110               
crypto isakmp profile EZVPN
    match identity group EZC
    client authentication list EZ-AUTHEN
    isakmp authorization list EZ-AUTHOR
    client configuration address respond
    virtual-template 1
!
crypto ipsec transform-set EZ-SET esp-3des esp-md5-hmac
crypto ipsec profile DVTI
    set transform-set EZ-SET
    set isakmp-profile EZVPN
 
interface Loopback100
    ip address 100.100.100.1 255.255.255.0
interface FastEthernet0/0
    ip address 10.10.10.1 255.255.255.0
interface Virtual-Template1 type tunnel
    ip unnumbered FastEthernet0/0
    tunnel source FastEthernet0/0
    tunnel mode ipsec ipv4
    tunnel protection ipsec profile DVTI
ip local pool EZP 172.16.0.1 172.16.0.10
access-list 110 permit ip 100.100.100.0 0.0.0.255 any
 
 
 
 
 
CLIENT -à 
crypto ipsec client ezvpn ABC
    connect auto
    group EZC key ccie
    local-address FastEthernet0/0
    mode client
    peer 10.10.10.1
    username cisco password cisco             
    xauth userid mode interactive                             
interface Loopback200
   ip address 200.200.200.1 255.255.255.0
   crypto ipsec client ezvpn ABC inside
interface FastEthernet0/0
   ip address 10.10.10.2 255.255.255.0
   crypto ipsec client ezvpn ABC
 
interface Virtual-Template1 type tunnel
    no ip address
    tunnel mode ipsec ipv4
  
 
 
Regards
 
 



All the post budget analysis and implications Sign up now.                      
                  
_________________________________________________________________
Catch the latest in the world of fashion
http://lifestyle.in.msn.com/
_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit 
www.ipexpert.com